On Tue, 1 Mar 2005, Vojtech Pavlik wrote:
>
> A nonprivileged user could inject mouse movement and/or keystrokes
> (using the sunkbd driver) into the input subsystem, taking over the
> console/X, where another user is logged in.
>
> Simply using a slightly modified inputattach on a PTY will do the trick.
Might an alternative be to just make writes to N_MOUSE require privileges?
Ie "reading is ok, and changing to N_MOUSE is ok, but tryign to write a
mouse packet is not"? The check should be easy enough to add to the
ldisc.write thing?
Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
